I want to limit a q.Get(q.Match(q.Index("index"... to only return docs with owner reference User

I have the following authenticated query with a token from logging in a user.

authClient(token).query(
  q.Get(q.Match(q.Index("item_number_reversed_owner")))
);

I have the following corresponding index (that is reversed)

It matches the following docs and looks like this in the dashboard

I have tried the following predicate function, but it gives me a permissions error. It is referencing the terms, but I am not sure how to select data.owner from the terms such that the user is returned and matches the Identity() in the function so that it returns true and allows me to only read the docs of the authed user with this Index.

("terms", Equals(Var("terms"), [Identity()]))

Hope someone can help with this. Thanks ahead of time.

Update: I have tried the following, but it doesn't even return the ref to the current user; not sure why it should.

const test = await authClient(token).query(
  q.Get(q.Match(q.Index("item_number_reversed_owner"), q.CurrentIdentity()))
);

Here's the raw request

'{"get":{"match":{"index":"item_number_reversed_owner"},"terms":{"current_identity":null}}}'

I guess if I just remove the predicate function, there is no way for the user to pass a different identity because it is run on the server side, so I don’t need to check if they are the user in the predicate. Is this safe? Because it will work then, and it separates my index by the user like I want it to.

If your index has terms defined, the Dashboard would be unable to show matching entries unless the terms were specified. So I think there might be a problem with your index definition.

Can you show me the result of this query (run it on the Shell screen in the Dashboard):

Get(Index("item_number_reversed_owner"))

Secondly, CurrentIdentity can only return a value when a token is used for authentication. The secret for a key would result in the error:

{
  errors: [
    {
      position: [],
      code: 'missing identity',
      description: 'Authentication does not contain an identity'
    }
  ]
}

Do you need to use a Role? Roles are for granting permissions, not for filtering data.

Well, isn’t the role attached to my User by membership, and that is what gives access to the FaunaDB index? I just gave it read permissions, and am checking by CurrentIdentity in the terms, and it is functioning as I like now.

But from my perspective I think this is resolved now. Let me know if I am missing something. Thanks.

Typing that into the shell gives me

{
  ref: Index("item_number_reversed_owner"),
  ts: 1615837816910000,
  active: true,
  serialized: true,
  name: "item_number_reversed_owner",
  source: Collection("Decor"),
  terms: [
    {
      field: ["data", "owner"]
    }
  ],
  values: [
    {
      field: ["data", "itemNum"],
      reverse: true
    },
    {
      field: ["data", "owner"],
      reverse: true
    }
  ],
  partitions: 1
}
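
An added example, not part of the original thread: a role definition in Shell FQL that enforces the owner check on the server through the index `read` predicate, which receives the array of terms passed to `Match`, so a query that supplies no term or another user's ref is denied. The role name `decor_owner_read` and the membership collection `User` are assumptions; the index, the `Decor` collection and the `data.owner` field come from the thread.

```fql
// Added example. "decor_owner_read" and Collection("User") are assumed names.
CreateRole({
  name: "decor_owner_read",
  // Every document in the (assumed) User collection that logs in gets this role.
  membership: [{ resource: Collection("User") }],
  privileges: [
    {
      // Index reads: the predicate argument is the array of terms given to Match.
      // Only a Match whose single term is the caller's own identity is allowed.
      resource: Index("item_number_reversed_owner"),
      actions: {
        read: Query(
          Lambda("terms", Equals(Var("terms"), [CurrentIdentity()]))
        )
      }
    },
    {
      // Document reads: the predicate argument is the document ref.
      // Get() on a Decor document succeeds only if data.owner is the caller.
      resource: Collection("Decor"),
      actions: {
        read: Query(
          Lambda(
            "ref",
            Equals(
              Select(["data", "owner"], Get(Var("ref"))),
              CurrentIdentity()
            )
          )
        )
      }
    }
  ]
})

// Run with the user's token: allowed, because terms == [CurrentIdentity()].
Paginate(Match(Index("item_number_reversed_owner"), CurrentIdentity()))

// Run with the user's token: denied, because terms == [] fails the predicate.
Paginate(Match(Index("item_number_reversed_owner")))
```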